Don’t underestimate the cyberthreat from Syria and North Korea

Ted Koppel is the author of “Lights Out” and senior contributor to “CBS Sunday Morning.”

As the Trump administration confronts the nuclear ambitions of North Korea’s Kim Jong Un and the toxic fallout from Bashar al-Assad’s chemical warfare against Syrian civilians, it is worth remembering that both dictators also command cyber-units. On the face of it, their impact is significantly less lethal, and they can easily be underestimated.

At the extreme, cyberattacks can have a devastating impact. China, Russia and (it must be noted) the United States have already planted cyber landmines within the control systems that regulate each nation’s infrastructure. The complexity of the relationships among these three nations, however, makes it highly unlikely that any of them would unleash its most powerful cyber-weapons on the others. It is notable that no such constraints exist between the United States and either Syria or North Korea.

Neither walls nor extreme vetting are of much use against cyberwarfare. It is an enormously flexible weapon system, with a range from bothersome to devastating. It empowers the weak and exposes the vulnerabilities of superpowers. The United States, because of its extraordinary dependence on the Internet, may be the most vulnerable of all nations.

Take, for example, the cyber-tantrum that Kim allegedly inflicted on Sony Pictures Entertainment in 2014. Predictably infuriated by the company’s production of “The Interview,” a comedy predicated on the planned assassination of Kim by a pair of American TV journalists, the North Korean leader appears to have extacted his revenge by ordering the takedown of Sony Pictures’ corporate computer system.

It remained inoperable for an extended period. Budgets and executive and superstar compensation packages were made public. The hackers claimed they had more than 100 terabytes of Sony Pictures data and warned the company against releasing the film. The intimidation worked for several weeks; then Sony Pictures, publicly chastened by First Amendment advocates and President Barack Obama for failing to uphold freedom of speech, distributed the film to more than 300 theaters.

The president’s personal engagement, as well as his warning that the United States would “respond proportionately” against North Korea at a time of its choosing, reflected an understanding that the attack had larger implications. Sony Pictures had made enormous investments in cyber-protection, including no fewer than 42 firewalls. The failure of that system underscored one of the fundamental rules of cyberwarfare: A determined offense almost always defeats defense. A stratagem effectively employed against a large and cyber-conscious company could also be successfully directed against critical U.S. infrastructure.

Then there is the intriguing case of the Syrian Electronic Army, which claimed responsibility for hacking into an Associated Press Twitter account. On April 23, 2013, that account put out an erroneous tweet: “Breaking: Two Explosions in the White House and Barack Obama is injured.” Within a matter of minutes, AP issued a correction, by which time, however, $136 billion in equity market value had been erased. The market recovered in short order. A blog post by The Post variously referred to the hack as “both juvenile and easily fixed”; and as “a surprisingly sophisticated bit of cyber-espionage in pursuit of some childish vandalism.” More than likely, it was neither.

In what may have been an extraordinary coincidence, the attack came just at the time that the Obama White House sent letters to Sen. John McCain (R-Ariz.) and then-Sen. Carl Levin (D-Mich.) stating the following: “Because of our concern about the deteriorating situation in Syria, the president has made it clear that the use of chemical weapons — or transfer of chemical weapons to terrorist groups — is a red line for the United States of America. The Obama administration has communicated that message publicly and privately to governments around the world, including the Assad regime.”

What may indeed have been a clumsy, juvenile piece of childish vandalism — that is, the phony AP tweet — could also have been a far more sophisticated warning from Syria: President Bashar al-Assad drawing his own “red line.” A friendly reminder that if an easily discernible and correctable hack into a Twitter account can produce a $136 billion plummet in equity market value, it might be useful to consider what a more refined attack on the U.S. banking system could do.

Whatever the rationale, the Obama administration never took military action against Syria. As President Trump considers his options against Syria and North Korea, his advisers would do well to remind him that cyberwarfare has a way of leveling the battlefield between a second- or even third-rate military power and the world’s undisputed military superpower.

Not as alarming as the specter of a North Korean intercontinental ballistic missile armed with a nuclear warhead, nor as worrisome as chemical or biological terrorism. But easier to carry out and much more likely.